Release date: 2012-03-16
Updated on: 2012-03-19
Affected Systems:
VMware VMware View 4.6
VMware VMware View 4.0
Unaffected Systems:
VMware VMware View 4.6.1
Description:
--------------------------------------------------------------------------------
Bugtraq id: 52526
CVE (CAN) ID: CVE-2012-1511
VMware View is an industry-leading desktop virtualization solution.
VMware View contains multiple security vulnerabilities that malicious local users can exploit to escalate privileges or conduct cross-site scripting attacks.
1) Two errors in the XPDM and WDDM display drivers can be exploited to cause buffer overflows.
2) The XPDM display driver contains a NULL pointer dereference error.
3) Input passed to the View Manager Portal is not properly filtered, allowing arbitrary HTML and script code to be executed.
<* Source: Jeremy Conway
Link: http://secunia.com/advisories/48379/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
VMware
------
The vendor has released a patch that fixes this security problem. Download it from the vendor's homepage:
http://www.vmware.com/security/